Image

Image

Though the file contained 300,000 email/usernames and passwords, through our analysis we were able to determine that only approximately 55,000 of these were used both on RootsWeb and one of the Ancestry sites, and the vast majority of those were from free trial or currently unused accounts. Additionally, we found that about 7,000 of those password and email address combinations matched credentials for active Ancestry customers. As part of our investigation, our team also uncovered other usernames that were present on the RootsWeb server that, though not on the file shared with us, we reasonably believe could have been exposed externally. We are taking the additional step of informing those users as well. We believe the intrusion was limited to the RootsWeb surname list, where someone was able to create the file of older RootsWeb usernames and passwords as a direct result of how part of this open community was set up, an issue we are working to rectify.Blackham goes on to note that he has no reason to believe any Ancestry systems were compromised. He also reassured those affected by the breach that sensitive information including their financial data and Social Security Numbers are safe. In response to the breach, Ancestry.com has temporarily taken RootsWeb offline while it works to make sure all user data is "safe and preserved." It's also locked all 55,000 Ancestry.com users affected by the RootsWeb breach and notified them of the incident. Those users must change their passwords if they wish to regain access to their accounts. Those affected by the breach can use these experts' advice to create a strong, unique password for their Ancestry.com profile and other web profiles. Meanwhile, the genealogical service has said it will continue to work with regulators and law enforcement to investigate the breach and minimize its impact.